Integrated Remote Access Controller Firmware
by Dell
CVEs (39)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7273 | | Cri | 0.64 | 9.8 | 0.01 | | Apr 10, 2017 | Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. |
| CVE-2015-7272 | | Cri | 0.64 | 9.8 | 0.03 | | Apr 10, 2017 | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input. |
| CVE-2015-7271 | | Cri | 0.64 | 9.8 | 0.03 | | Apr 10, 2017 | Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. |
| CVE-2015-7274 | | Hig | 0.57 | 8.8 | 0.02 | | Apr 10, 2017 | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. |
| CVE-2015-7270 | | Hig | 0.51 | 7.8 | 0.01 | | Apr 10, 2017 | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. |
| CVE-2015-7275 | | Med | 0.40 | 6.1 | 0.01 | | Apr 10, 2017 | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. |
| CVE-2022-24422 | | | 0.01 | — | 0.54 | | May 26, 2022 | Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console. |
| CVE-2021-36301 | | | 0.01 | — | 0.28 | | Nov 23, 2021 | Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system. |
| CVE-2026-26948 | | | 0.00 | — | 0.00 | | Mar 18, 2026 | Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could… |
| CVE-2026-26945 | | | 0.00 | — | 0.00 | | Mar 18, 2026 | Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability. A high privileged… |
| CVE-2025-22397 | | | 0.00 | — | 0.00 | | Nov 6, 2025 | Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a… |
| CVE-2024-25943 | | | 0.00 | — | 0.01 | | Jun 29, 2024 | iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable… |
| CVE-2024-25951 | | | 0.00 | — | 0.01 | | Mar 9, 2024 | A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system. |
| CVE-2022-34436 | | | 0.00 | — | 0.00 | | Jan 18, 2023 | Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform… |
| CVE-2022-34435 | | | 0.00 | — | 0.01 | | Jan 18, 2023 | Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform… |
| CVE-2022-24423 | | | 0.00 | — | 0.02 | | Apr 21, 2022 | Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to cause resource exhaustion in the webserver, resulting in a denial of service condition. |
| CVE-2021-36348 | | | 0.00 | — | 0.01 | | Jan 25, 2022 | iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to… |
| CVE-2021-36347 | | | 0.00 | — | 0.02 | | Jan 25, 2022 | iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the… |
| CVE-2021-36346 | | | 0.00 | — | 0.04 | | Jan 25, 2022 | Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver. |
| CVE-2021-36300 | | | 0.00 | — | 0.33 | | Nov 23, 2021 | iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability by sending a specially crafted malicious request to crash the webserver or cause information disclosure. |
Page 1 of 2